Task Name: Scan Your Local Network for Open Ports
Objective: Discover open ports on devices in your local network to understand network exposure
Tools Used: Nmap, NSE, Wireshark
Port scanning is a method used to identify open ports and services available on a networked device. It helps in understanding potential vulnerabilities in a system and is a foundational step in network reconnaissance for both defenders and attackers.
- Operating System: Windows 11 / Kali Linux / Ubuntu WSL
- Nmap Version: 7.94
- IP Range Used: 192.168.1.0/24
- Local IP Address: 192.168.1.33
```bash
nmap -sS 192.168.1.0/24
nmap --script=vuln 192.168.1.1
```

- `-sS`: TCP SYN scan (stealthy and fast)
- `192.168.1.0/24`: Scans all 256 IPs in the local subnet
- `--script=vuln`: An Nmap option that runs scripts to detect known vulnerabilities on a target system.
- Devices Found: 1 host is up.
  - 192.168.1.1
- Open Ports:
| PORT | STATE | SERVICE | VERSION |
|---|---|---|---|
| 21/tcp | open | ftp | GNU Inetutils FTPd 1.4.1 |
| 53/tcp | open | domain | dnsmasq 2.87 |
| 80/tcp | open | http | Boa HTTPd 0.93.15 |
| 443/tcp | open | ssl/http | Boa HTTPd 0.93.15 |
- Identify potentially risky open ports: 21 - FTP, 80 - HTTP, 443 - HTTPS
- Identified Vulnerabilities (Severity Risk Factor: HIGH)
- Suggestions for securing these ports (e.g., close unused ports, use firewall)
| Port | Service | Problem | Solution |
|---|---|---|---|
| 21 | FTP | FTP transmits credentials in cleartext. | - Disable FTP if not in use. - Replace with SFTP or FTPS for secure file transfer. - Use strong access control and limit IPs allowed to connect. |
| 22 | SSH | Port is filtered, might be intentionally firewalled. | - Change default port from 22 to something higher (e.g., 2202). - Use key-based authentication, disable password login. - Enable fail2ban or rate-limiting to block brute-force attempts. |
| 53 | DNS | DNS services can be misused for amplification attacks or poisoning. | - Restrict DNS to internal IPs only. - Disable recursion for external queries. - Monitor DNS traffic for anomalies. |
| 80 | HTTP | Vulnerabilities: - Detected CSRF form (`/boaform/admin/formLogin`) - XSS scan attempted, but no stored or DOM XSS found | - Redirect HTTP to HTTPS. - Implement anti-CSRF tokens. - Sanitize user inputs and use security headers (`Content-Security-Policy`, etc.). |
| 443 | HTTPS | Vulnerabilities: - Heartbleed (CVE-2014-0160) - POODLE (CVE-2014-3566) - CCS Injection (CVE-2014-0224) | - Upgrade OpenSSL to latest version (>=1.0.1h or newer). - Disable SSLv3 and weak cipher suites (`TLS_RSA_WITH_AES_128_CBC_SHA`). - Prefer TLS 1.2 or TLS 1.3 only. - Reissue certificates if Heartbleed has been detected (possible key leak). |
- Use a firewall (e.g., UFW, iptables) to allow only needed ports.
- Run `nmap` scans regularly to detect changes.
- Keep all services updated (especially SSL libraries).
- Enable intrusion detection systems (IDS) like Snort or Suricata.
- Document exposed services and regularly audit them.
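
To make the "scan regularly and audit exposed services" advice concrete, here is an added example (not part of the original write-up) that parses Nmap XML output, as saved with `-oX`, and compares open ports against a documented baseline. The `BASELINE` allowlist, the `CLEARTEXT` service set and the sample XML are assumptions constructed from the results table above.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of `nmap -sV -oX` output, mirroring the table above.
SAMPLE_XML = """<nmaprun><host><status state="up"/><address addr="192.168.1.1" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="21"><state state="open"/><service name="ftp" product="GNU Inetutils FTPd"/></port>
<port protocol="tcp" portid="22"><state state="filtered"/><service name="ssh"/></port>
<port protocol="tcp" portid="53"><state state="open"/><service name="domain" product="dnsmasq"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Boa HTTPd"/></port>
<port protocol="tcp" portid="443"><state state="open"/><service name="http" tunnel="ssl" product="Boa HTTPd"/></port>
</ports></host></nmaprun>"""

# Assumed policy (hypothetical): the ports each host is documented to expose.
BASELINE = {"192.168.1.1": {53, 80, 443}}
CLEARTEXT = {"ftp", "telnet", "http"}  # unencrypted unless wrapped in an SSL/TLS tunnel

def open_ports(xml_text):
    """Return {ip: {port: (service_name, tunnel)}} for open TCP ports on hosts that are up."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        status = host.find("status")
        if addr is None or status is None or status.get("state") != "up":
            continue
        ports = hosts.setdefault(addr.get("addr"), {})
        for port in host.iter("port"):
            state, svc = port.find("state"), port.find("service")
            if port.get("protocol") != "tcp" or state is None or state.get("state") != "open":
                continue  # filtered and closed ports are not exposure
            attrs = svc.attrib if svc is not None else {}
            ports[int(port.get("portid"))] = (attrs.get("name", "unknown"), attrs.get("tunnel", ""))
    return hosts

def audit(xml_text, baseline):
    """Return sorted (ip, port, finding) tuples: unexpected, cleartext, or missing."""
    scanned = open_ports(xml_text)
    findings = []
    for ip, ports in scanned.items():
        allowed = baseline.get(ip, set())
        for number, (name, tunnel) in ports.items():
            if number not in allowed:
                findings.append((ip, number, "unexpected"))
            if name in CLEARTEXT and tunnel != "ssl":
                findings.append((ip, number, "cleartext"))
    findings += [(ip, n, "missing") for ip, allowed in baseline.items()
                 for n in allowed - set(scanned.get(ip, {}))]
    return sorted(findings)

if __name__ == "__main__":
    for ip, port, kind in audit(SAMPLE_XML, BASELINE):
        print(f"{ip}:{port}/tcp {kind}")
```

Running it after each scheduled scan turns the scan into a change report: new listeners appear as `unexpected`, and documented services that stopped answering appear as `missing`.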
- Gained hands-on experience using Nmap for port and vulnerability scanning.
- Understood the role of port scanning in identifying exposed services.
- Learned how attackers use scans to find weak points in a network.
- Detected real-world vulnerabilities like Heartbleed, POODLE, and CSRF.
- Learned how to analyze scan results and recommend security fixes.
- Improved skills in documentation and basic network security.





